MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,016
14,753



Apple is now offering app-specific passwords for third-party apps that access iCloud, allowing users to generate unique one-time use passwords to sign into iCloud securely. In a support document, Apple describes app-specific passwords as a feature of two-step verification and states that app-specific passwords will be required to sign into iCloud when using a third-party app beginning on October 1, 2014.

appspecificpasswords.jpg
If you use iCloud with any third party apps, such as Microsoft Outlook, Mozilla Thunderbird, or BusyCal, you can generate app-specific passwords that allow you to sign in securely, even if the app you're using doesn't support two-step verification. Using an app-specific password also ensures that your primary Apple ID password isn't collected or stored by any third party apps you might use.
App-specific passwords, which have long been used by other sites like Google, are a function of two-step verification. Typically, two-step verification requires a user to enter a verification code, but oftentimes, the codes will not work properly in third-party apps, so app-specific passwords are substituted instead.

As outlined in the support document, app-specific passwords can be generated by accessing My Apple ID, where the option to generate an app-specific password is listed under Password and Security. According to Apple, users can have up to 25 active app-specific passwords at a time, which are listed in the Password and Security section of My Apple ID.

appspecifichistory.jpg
Generating an app-specific password is limited to accounts with two-factor authentication turned on, and for security reasons, Apple sends an email whenever an app-specific password is generated. App-specific passwords will be revoked whenever a user's primary Apple ID password is changed, requiring new app-specific passwords to be generated.

Apple's new app-specific passwords follow the launch of two-factor verification for accessing iCloud.com and come after a hacking incident that saw the iCloud accounts of several celebrities compromised due to weak passwords.

Apple CEO Tim Cook has promised to improve iCloud security by increasing awareness about two-factor verification, as well as sending out security emails whenever a device is restored, iCloud is accessed, or a password change is attempted.

Article Link: Apple to Require App-Specific Passwords For Third-Party Apps Accessing iCloud
 

jreed91

macrumors regular
Jan 21, 2009
128
0
It feels like apple had all of these securities measures built but just never released for various reasons.
 
Comment

MikhailT

macrumors 601
Nov 12, 2007
4,531
1,205
It feels like apple had all of these securities measures built but just never released for various reasons.

Scaling to millions of users is a very tough task, regardless of how much money the company has. Scaling is what Google excels at, which is why they had almost all of this in place when they had 2FA on and their authenticator app.

Apple's great at creating the demand but they suck at supplying it (scaling).
 
Comment

macMD

macrumors 6502
Nov 25, 2005
347
21
New York
Scaling to millions of users is a very tough task, regardless of how much money the company has. Scaling is what Google excels at, which is why they had almost all of this in place when they had 2FA on and their authenticator app.

Apple's great at creating the demand but they suck at supplying it (scaling).

Are you kidding on that? Apple has the cash hoards to buy companies, staff and figure out how to scale. There is no excuse for their utter lack of real security, celebs or not. Google has done it better for longer because they actually know what they are doing.
 
Comment

rdlink

macrumors 68040
Nov 10, 2007
3,226
2,434
Out of the Reach of the FBI
Scaling to millions of users is a very tough task, regardless of how much money the company has. Scaling is what Google excels at, which is why they had almost all of this in place when they had 2FA on and their authenticator app.

Apple's great at creating the demand but they suck at supplying it (scaling).

Or here's another reason: Apple wants to make sure their users' experience is predictable and as simple as possible.

App specific passwords, and setting up 2FA in Google is a kludgy mess, and has run inconsistently at times, to the point that many people I have recommended do it end up going back to simple password authentication out of pure frustration. Their experience has been similar to mine (and I know what I'm doing). But I recognize the risk involved with using gmail without 2FA, so I have put up with it.
 
Comment

webbuzz

macrumors 68000
Jul 24, 2010
1,910
6,423
Apple is also forcing everyone to change your Apple ID passwords. I just checked 3 of my accounts, each one required a password change.

All 3 passwords were 20 characters generated by LastPass.

dlPI0zB.jpg


eta: Just tried two other accounts and it didn't force a change. Strange, the other three account passwords were changed last week.
 
Comment

rdlink

macrumors 68040
Nov 10, 2007
3,226
2,434
Out of the Reach of the FBI
Comment

Primejimbo

macrumors 68040
Aug 10, 2008
3,295
131
Around
... That Google users have been using for about 7 years now.
Your point? I be people didn't use it back then also
Thanks Kirsten Dunst! :rolleyes:
I think this was coming out soon seeing it was tested a few months ago

----------

And by 7 years you mean 3, correct?

http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

Way to build credibility. Oh, and by the way, if you ask 10 gmail users on the street today whether they use 2FA on their gmail account I would be willing to bet at least 7 of them say, "What's that?"
Very true, so many people have no clue what it is.
 
Comment

Parasprite

macrumors 68000
Mar 5, 2013
1,698
144
I haven't heard or thought about using passwords like this before, but finally!
 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.